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REMARKS 

The rejections of record are untenable because none of the cited references, either alone 
or in combination, teach or suggest a method including the steps of (a) "issuing keys to users 
from domains within the hierarchy upon the basis of their grouping," or (b) "allocating keys to 
users which are indicative to a service provider of the level of service to which they are entitled," 
and (c) "for at least one level of service provision, allocating dummy keys which do not provide 
security for the provision of the service," as claimed. 

The claims currently under examination, claims 1-14, stand rejected as follows: 

1 . under 35 U.S.C. § 103(a) as allegedly being unpatentable over U.S. Patent 7,039,803 to 
Lotspiech (hereinafter "Lotspiech") in view of U.S. Patent Application Publication 2002/0029337 
to Sudia (hereinafter "Sudia"). See Final Rejection dated August 31, 2007. 

2. under 35 U.S.C. § 103(a) as being unpatentable over Sudia in view of Lotspiech. 
None of these references teaches or suggests (a) "issuing keys to users from domain 

within the hierarchy upon the basis of their grouping," (e.g. see claims 1, 13 or 14), (b) 
"allocating keys to users which are indicative to a service provider of the level of service to 
which they are entitled," and (c) "for at least one level of service provision, allocating dummy 
keys which do not provide security for the provision of the service." (e.g. see claim 10). See final 
Office Action dated August 31, 2007. (hereinafter "OA"). 

The invention as claimed groups users of a service within a hierarchy. Keys are issued 
from a domain, or according to a level of service the user is to be provided. This enables one 
group of users, for example low value users that subscribe to a lower level of service, to have less 
of an effect on another group of users, for example high value users that subscribe to a higher 
level of service. The result may be that low value users may experience the inconvenience of key 
reissue more frequently than the higher value users. Further, decisions may be taken to ignore 
invalidation in the low value user group with only a relatively low likelihood of compromise of 
the higher value services due to the distinct positioning of domains within the cryptographic 
hierarchy. 

First, the Examiner cites Lotspiech as teaching "issuing keys to users from domains 
within the hierarchy upon the basis of their grouping." (OA, page 5, line 9) However, there is no 
teaching or suggestion that a key is issued to a user from a domain within the hierarchy, based 
upon the user's grouping. Rather, Lotspiech teaches that users are grouped into possibly 
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overlapping subsets, with each subset having a unique key, and each user assigned respective 
private information I u . (Lotspiech, column 3, lines 11-14) Lotspiech teaches: 

"A user's private information I u is preferably found as information ij in a 
transmitted message that indicates that a user belongs to a subset Sy of one of the 
groups... A subset key Ly can then be obtained from or derived using the private 
information of the user" (Lotspiech, column 3, lines 29-34) 
This private information I u can be supplied by the system, (Lotspiech, column 6, lines 41-43). 
and consists of the receiver's position in the tree and the subset keys associated with its ancestor 
nodes. (Lotspiech, column 8, lines 23-26). Thus, there is no teaching or indication in Lotspiech 
that the private information assigned to the user is based upon their grouping. Rather, the private 
information is obtained from the labels of nodes that are not in direct path between the receiver 
and the root node, and is associated with more than one subset. Thus, if the user is in a certain 
group, which is in a specific domain of the hierarchical tree, the labels would be obtained from 
an ancestor of the receiver node. Thus, the labels utilized to make the private information 
assigned to the user are not derived from associations of the user, but rather from nodes that are 
explicitly NOT associated with the user. There is no indication in Lotspiech that the labels are 
obtained from the domain in which the receiver resides. Rather, Lotspiech seemingly teaches the 
opposite - that the labels would be obtained by nodes "that 'hang' off the direct path and are 
inducted by some node vi, and ancestor of u." (Lotspiech, column 10, lines 3-10) Thus, 
Lotspiech clearly fails to teach "issuing keys to users from domains within the hierarchy upon the 
basis of their grouping." (claim 1) Thus, in Lotspiech, the users are partitioned into disjoint 
subsets that have associated subset keys, but there is no indication that the users are assigned 
keys. Rather, the users are assigned private information that is utilized to decrypt the subset keys 
(Lotspiech, column 6, lines 41-53). 

Correspondingly, Lotspiech also fails to teach "allocating keys to users which are 
indicative to a service provider of the level of service to which they are entitled." (claim 10) 
There is no teaching or suggestion in Lotspiech that the private information I u contains any 
information that indicates to a service provider the level of service to which a user is entitled. As 
shown above, there is no indication or teaching in Lotspiech of allocating a key to a user based 
upon the associations or groupings of that user. 

Second, Sudia fails to teach "issuing keys to users from domains within the hierarchy 
upon the basis of their grouping." (claim 1) Sudia teaches the use of digital signatures and public- 
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key certificates. Specifically, Sudia states that a Certification Authority (CA) signs a public key 
of a user that bind a user's name to the public key. (Sudia, paragraph 0013) There is no teaching 
or suggestion in Sudia of issuing keys to users, let alone that a key is issued to a user from a 
domain. Rather, the key, in association with a public-key certificate, is certified by a CA. Thus, 
the user already has a key that has been issued. The specific ways in which keys are issued are 
not addressed in Sudia; rather, well-known cryptographic systems are discussed which explain 
how keys are obtained and/or utilized. There is no teaching or suggestion in these systems, or in 
Sudia, that a key is issued to a user from domains within the hierarchy. Thus, Sudia also fails to 
teach this feature of the invention as claimed, 

Third, the Examiner cites Sudia as teaching "allocating keys to users which are indicative 
to a service provider of the level of service to which they are entitled." (claim 10) (OA, page 9, 
lines 7-8) The Examiner then cites column and line numbers to teach this feature, supposedly of 
Sudia. However, Applicants note that Sudia is a Patent Application Publication, which is 
structured in paragraph form. Thus, this citation is clearly in error. 

Applicant could not find any relevant teaching in Sudia as to allocating keys to users. As 
noted above, Sudia teaches binding public keys to users. There is no teaching or suggestion of 
allocating or issuing keys in Sudia, let alone allocating keys that are indicative to a service 
provider of a level of service to which the user is entitled. Thus, Sudia clearly fails to teach this 
feature of the invention as claimed. 

As mentioned, Lotspiech also fails to teach this feature. There is no teaching of service 
providers in Lotspiech, or of indicating a level of service to which a user is entitled. Further, 
there is no teaching or suggestion of allocating keys that would provide such an indication to a 
service provider. As mentioned above, Lotspiech teaches supplying a user with private 
information I u that consists of its position in the tree and the subset keys associated with its 
ancestor nodes. (Lotspiech, column 8, lines 23-26). There is no mention or teaching that the 
private information includes an indication of a level of service to which the user is entitled. 
Lotspiech also fails to teach this feature of the invention as claimed. 

Fourth, the Examiner asserts that "Sudia does not explicitly disclose for at least one level 
of service provision allocating placebo keys which do not provide security for the provision of 
the services." (OA, page 9, lines 9-10). Rather, the Examiner cites the session key K of 
Lotspiech to teach this feature. First, Lotspiech does not teach levels of service provision. Thus, 
Lotspiech would necessarily fail to teach allocating keys based upon a level of service provision. 
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However, even if the session key K were to be incorrectly interpreted as allocated for a specific 
level of service provision, the session key K is not a placebo key. Specifically, Lotspiech teach 
that the session key K is utilized to encrypt content that is broadcast in a message M. (Lotspiech, 
column 6, lines 54-57). Thus, the session key K is not a placebo key, because it provides security 
for the system of Lotspiech. There is no teaching or suggestion in Lotspiech of a key that does 
not provide security for the system. Thus, Lotspiech also fails to teach this feature of the 
invention as claimed. 

Fifth, one of skill in the art would have been devoid of any motivation and reasonable 
expectation of success in combining the teachings of Lotspiech and Sudia. Lotspiech appears 
generally relevant to cryptographic keys generated from an ancestral hierarchy. Sudia is related 
to digital signatures. The Examiner contends this to be an 'analogous art'. However, digital 
signatures and cryptographic keys are two very different things which serve two very different 
purposes: keys protect and restrict access; whereas signatures authenticate. Thus, it is 
respectfully submitted that this combination would not occur to one of ordinary skill in the art of 
encryption and thus is not proper. Further, even if the combination were made, fundamental 
elements of the claims are missing from the combination. 
Conclusion: 

In view of the foregoing, it is respectfully submitted that the application is in condition 
for allowance. Applicants reserve the right to supplement these remarks and, should the 
application not be allowed, submit additional arguments in an Appeal Brief or at some later stage 
of prosecution. 

At any time during the pendency of this application, please charge any fees required or 
credit any over payment to Deposit Account 08-2025 pursuant to 37 C.F.R. § 1.25. 
Additionally, charge any fees to Deposit Account 08-2025 under 37 C.F.R. §1.16 through 
§ 1.21 inclusive, and any other sections in Title 37 of the Code of Federal Regulations that 
may regulate fees. 



Respectfully submitted, 



HEWLETT-PACKARD COMPANY 
Customer Number: 22879 
Telephone: (202) 672-5300 
Facsimile: (202) 672-5399 





Attorney for Applicant 
Registration No. 26,874 
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